1. Field of the Invention
The invention relates to a method for verifying and/or preprocessing data packets which are preferably signed and are received by a receiving device in a vehicle during wireless vehicle-to-environment communication, and to a control device set up to carry out the method.
In the method, the relevance of the received data packets is determined in the receiving device, that is to say the receiver or a downstream computing unit, and the data packets are prioritized for verification and/or preprocessing according to their relevance, the determination of the relevance depending on the distance between the transmitting device and the receiving device, the receiving device being arranged in the vehicle and the distance between the transmitting device and the driver's own vehicle therefore being determined according to the invention. The method provides for the signature of the transmitting devices to be checked when verifying the data packets and/or for the data packets to be preprocessed in an order predefined by the prioritization.
2. Related Art
Vehicle-to-environment communication is currently being developed, in which case various standards (for example ETSI or CEN for Europe or IEEE or SAE for USA) are being developed. Vehicle-to-environment communication (also called V2X communication for short) is usually based on a WLAN transmission technology according to the IEEE 802.11p standard, in which case a GSM/UMTS/LTE or another mobile radio link is also fundamentally possible for communication. Vehicles and infrastructure units (road side units (RSU)) equipped with transmission devices for vehicle-to-environment communication are currently tested on this basis.
A central problem of vehicle-to-environment communication is the authenticity of the data packets transmitted during vehicle-to-environment communication, since the data packets partially contain security-relevant or personal information and therefore a certain degree of protection of these data must be ensured both with regard to the certainty of the transmitter and with regard to the processing by the receiver. In order to meet this security requirement, it is planned to sign and possibly also encrypt each data packet using cryptographic methods. A system which is based on a public key infrastructure (PKI) and has so-called elliptic curves algorithms (ECC) can be used for this purpose. Such methods are generally known and are not the subject matter of the present invention, with the result that such methods do not have to be described in more detail as part of this application.
The received data packets or messages can then be verified by the receiving vehicle before processing and evaluation take place in the individual control devices of the vehicle. In this case, verification comprises, in particular, the checking of the signature of the transmitting device in the receiving device.
This verification is very intensive in terms of computation time and can only be carried out using hardware accelerator chips in conventional control devices according to the current prior art in order to be able to verify an excessively large number of messages and to manage the large number of data packets potentially interchanged during vehicle-to-environment communication.
As part of the currently contemplated standards, provision is made for all emitted data packets to have to be compulsorily signed. However, it is left to the receiver how it deals with the received data packets and whether and in what order the signature of the data packets is checked. Situations are conceivable in which the computing capacity of the computing unit implemented in the receiving device is not sufficient to verify all received data packets and therefore there is a need for a targeted selection of messages or data packets which in all probability have the greatest relevance to the driver's own vehicle.
In this environment, the practice of sorting the received data into at least two relevance classes and, depending on the relevance class, processing the data further in the communication stack and supplying them to authentication or rejecting data packets, for example, or using them only for non-safety-relevant purposes has already been described. In this case, the distance between the object and the vehicle can be selected as the criterion for classification into the relevance classes. Additionally or alternatively, the practice of using a possible collision time based on the distance and the relative speed between the object emitting the data packet and the driver's own vehicle, instead of the distance, has also been described.
In a similar context, US 2007/0109146 A1 discloses the practice of providing an adaptable relevance area in the case of a bidirectional wireless communication link between vehicles, which relevance area is periodically adapted regularly or continuously in accordance with the continuously monitored road condition, visibility conditions and/or vehicle operating conditions. A similar disclosure is also found in WO 03/077223 A1.
However, it has been shown that these measures alone are not suitable for reliably reducing the relevance of received data packets to the extent that relevant data packets can be reliably preselected or prioritized with respect to the available computing capacity in the receiving device (control device).